CVE-2026-4649 stems from a missing authentication control (CWE-306) in the KNIME Business Hub's integration with Apache Artemis messaging broker. Apache Artemis versions prior to 2.52.0 suffer from an authentication bypass vulnerability (CVE-2026-27446) that allows an attacker with at least normal user privileges and workflow execution rights to register a federated mirror to the Artemis broker without authentication. This federated mirror registration enables the attacker to read all messages exchanged internally via the broker and inject arbitrary messages. Since KNIME Business Hub relies on Apache Artemis for internal messaging, it inherits this vulnerability. The Artemis broker is not exposed externally, so exploitation requires an attacker to have some level of authenticated access within the KNIME environment and the ability to execute workflows. The vulnerability affects all KNIME Business Hub versions before 1.16.3, 1.17.4, and 1.18.0, which ship with the fixed Apache Artemis 2.52.0. The CVSS 4.0 score is 5.3 (medium), reflecting the need for some privileges but no user interaction and the potential for confidentiality and integrity impact. No workarounds are currently known, making patching the only effective mitigation.

The vulnerability allows an attacker with normal user privileges and workflow execution rights to bypass authentication controls on the internal messaging broker, leading to unauthorized disclosure of all messages exchanged within the KNIME Business Hub. This compromises the confidentiality of sensitive data transmitted internally. Additionally, the attacker can inject malicious messages, potentially disrupting workflows, corrupting data, or causing unauthorized actions, impacting data integrity and availability. Since the Artemis broker is not externally exposed, the attack surface is limited to insiders or compromised accounts with workflow execution capabilities. However, in environments where multiple users share access or where workflow execution privileges are granted broadly, the risk of insider threat or lateral movement exploitation is significant. The lack of workarounds increases urgency for patching. Overall, the impact includes potential data leakage, workflow manipulation, and operational disruption within organizations relying on affected KNIME Business Hub versions.

1. Immediately upgrade KNIME Business Hub to versions 1.16.3, 1.17.4, 1.18.0 or later, which include the patched Apache Artemis 2.52.0. 2. Restrict workflow execution privileges strictly to trusted users to minimize the risk of exploitation by insiders or compromised accounts. 3. Implement strong internal access controls and monitoring to detect unusual federated mirror registrations or message injection attempts within the Artemis broker. 4. Audit user permissions regularly to ensure least privilege principles are enforced, especially for users with workflow execution capabilities. 5. Consider network segmentation to isolate the Artemis broker and limit access to only necessary components and users. 6. Monitor logs and alerts for signs of unauthorized message reading or injection activities. 7. Engage with KNIME support or security advisories for any emerging mitigations or patches. Since no workaround exists, patching remains the primary defense.